


What Is ClamXav (and do Mac users really need antivirus)

Setting up the ClamXav Sentry

While the ClamXav Sentry looks like just another tab in a preferences sheet, it's actually an amazing part of this application. Indeed, the Sentry brings background scanning capabilities to ClamAV on Mac OS X, but does so while staying remarkably lightweight and transparent--something most background-scanning competitors cannot do.

To start using the Sentry, simply add folders to its watch list by dropping them onto the window. Be careful not to add folders containing heavily nested folders, as this can eventually lead to slowdowns. It's better instead to create a long list of single entities--good candidates are your Public folder, Mail downloads, and the computer's Shared folder. Once the Sentry is activated, it will wake up and silently scan any file created in these locations.

Setting the Sentry to automatically start when you log into your Mac is obviously something you want--not doing so would negate the whole point of background scanning. Scanning removable media, on the other hand, can lead to serious slowdowns if you decide to mount a slow server or insert a DVD in your optical drive.

To save the Sentry settings, use the special "Save Settings and Launch ClamXav Sentry" button, which takes care of all the file writing and daemon restarting involved in the operation for you.

Notice the new menu that appeared in your menu bar? This is the ClamXav Sentry menu, which will discreetly flash every time ClamAV is at work behind the scenes. If the application detects a virus, it will immediately pop up an alert window informing you of the fact.

Testing ClamXav and the Sentry

The best way to test ClamXav and its Sentry feature is to simply download a file called the EICAR test file. This file, actually a harmless text file, is an industry-standard test designed to activate antivirus applications. If your antivirus protection reacts to it, chances are that it is configured properly and working as expected.

To get it, go to this page and download the files listed at the bottom, from left to right. These are basically the same file, but increasingly disguised, zipped, and stealthed to make it harder for your antivirus to detect. ClamAV should detect all the files in a flash and warn you about them.

Once you confirm that ClamXav passed the test, you can safely delete the file and go back to work.
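The same test can be scripted offline. The following is an added example, not code from the article or from ClamXav: it writes the EICAR string plain, zipped, and doubly zipped, then asks the `clamscan` command-line scanner which variants it missed. The file names are constructed, and it assumes `clamscan` is on your PATH.

```python
import io
import shutil
import subprocess
import zipfile
from pathlib import Path

# Standard 68-byte EICAR test string, split so this source file is not flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD"
         + "-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

def zip_bytes(name, data):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def write_samples(folder):
    """Write plain, zipped and doubly zipped variants (constructed names)."""
    folder = Path(folder)
    folder.mkdir(parents=True, exist_ok=True)
    inner = zip_bytes("eicar-plain.txt", EICAR)
    samples = {"eicar-plain.txt": EICAR,
               "eicar-zipped.zip": inner,
               "eicar-nested.zip": zip_bytes("eicar-zipped.zip", inner)}
    for name, data in samples.items():
        (folder / name).write_bytes(data)
    return [folder / name for name in samples]

def parse_clamscan(output):
    """Map each path to its verdict from clamscan's 'path: result' lines."""
    verdicts = {}
    for line in output.splitlines():
        path, sep, result = line.rpartition(": ")
        if sep and (result == "OK" or result.endswith(" FOUND")):
            verdicts[path] = result
    return verdicts

def missed(paths, verdicts):
    """Samples the scanner did not report as FOUND (absent counts as missed)."""
    return [str(p) for p in paths if not verdicts.get(str(p), "").endswith(" FOUND")]

def run_check(folder):
    """Scan the samples with clamscan; None means the engine is not on PATH."""
    paths = write_samples(folder)
    if shutil.which("clamscan") is None:
        return None
    proc = subprocess.run(["clamscan", "--no-summary", *map(str, paths)],
                          capture_output=True, text=True)
    return missed(paths, parse_clamscan(proc.stdout))
```

Call `run_check()` on a scratch folder; an empty list means every variant was detected. If that folder is on the Sentry watch list, the Sentry may flag the files as soon as they are written.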

An Interview with Mark Allan, ClamXav Developer

By now, you should be up and running with ClamXav and enjoying a new layer of protection on your Mac. As usual, I encourage you to read the ClamXav manual and website to get a complete idea of what that application can do for you. The ClamXav website also contains great community-powered forums that should assist you if you encounter any problems with the application.

For now, however, let's kick back and relax with a brief conversation with Mark Allan, ClamXav developer.

FJ: ClamXav has recently reached version 1--1.0.1 at time of writing--which seems to indicate it has reached a level of maturity. How long did it take you to get it to this point?

MA: ClamXav was a project I started during the summer of last year [2004]. At the start, it was incredibly basic consisting of a window with only three elements: a text input field to type the path of a directory to be scanned, a button to initiate the scan, and a large text box where the output of the scan would appear. As you can see from its appearance and functionality today, we've come quite a long way in the space of a year!

FJ: Indeed. I must say ClamXav is one of the most elegant Aqua-conforming antivirus applications I have seen since I started using Mac OS X. Did you get any special input from users while you were designing it?

MA: Well, to be honest, that's about the first positive comment I've had regarding the interface. Thanks! As for the rest, "special" would certainly be one word you could use to describe the feedback I've had. They range from the mildly constructive "horrible flagrant use of brushed metal" to the just plain rude.

FJ: Whoops… You followed your heart, then!

MA: I've been a Mac user for 13 years, and I have a pretty good idea of what feels "right" and "Mac-like" to me, so that's how I designed ClamXav. It looks very wrong in the non-brushed-metal theme, so I've stuck with it. If any designers out there would like to take a shot at redesigning the interface, please drop me a line.

FJ: Were you already familiar with ClamAV before starting your work?

MA: Yes I was, but not for long. I was looking for a low cost or free antivirus program for my computer, as I had just forwarded an infected Word document to a friend of mine who used Windows at the time. He's now been converted but that's another story. I came across ClamAV which was an open-source virus scanner for UNIX and its variants. When I downloaded, built and ran it, I was amazed that not only did it work, but that it also picked up the infected file I had sent to my friend.

I used it for about two weeks before getting fed up with the command line interface as is common in open-source tools. I still wanted to use the software, but needed to make it easier to use. As a result, ClamXav was born.

FJ: That sounds like one of the success stories you see on the ADC website. As the father of ClamXav, what would you say are its strong points?

MA: I think the main advantages of ClamXav are that it's free, the scanning engine is supported and maintained by a large international community of excellent programmers and, with ClamXav being written by only one person, when people have problems, questions or suggestions for new features, they get to speak directly to the programmer--me. I try my best to answer emails as soon as I can and will always endeavor to add requested features.

FJ: Excellent points. And, ClamXav being a security application, I'm sure you get plenty of e-mails! Since we're talking about requested features, the ClamXav Sentry brings elegant background scanning back to antivirus applications on the Mac. I assume this was a heavily requested addition. Was developing it particularly challenging?

MA: The ClamXav Sentry feature was the single most difficult feature I've added to ClamXav to date. Not only did it involve months investigating how to monitor folders properly for changes (i.e., not just crudely comparing the contents at specific intervals), I had to go back to my grass roots and brush up my C programming skills--a language I've not used in about 5 years.

On top of that, procedures in C/C++ cannot be used in Java, which is what ClamXav is written in. The only option was then to learn an entirely new language, Objective-C, and to program ClamXav Sentry as a completely separate entity. That, in turn, brought its own issues of how to keep ClamXav and Sentry separate but make it appear as one and the same package. I've still got some distance to go in that regard, but I think it's getting there.

FJ: You touch on the topic of security on your website. Do you feel the Mac community at large has become lenient with regard to viruses?

MA: In a way, yes, but I'm not convinced complacency when it comes to viruses is a trait unique to Mac users. If it were, then that implies that all those people on the non-Mac side of the fence have up-to-date antivirus software and are adequately protected. I very much doubt that is the case and in my opinion, the greater issue which needs to be addressed is a lack of knowledge about computer security in all computer users.

Antivirus software and other security tools (firewall, rootkit scanners, etc.) need to ship with all computers and come pre-configured to update themselves automatically. Until that happens, viruses and security issues will continue to crop up time and time again.

FJ: That's a great point to close with. Thanks so much for your time, Mark.

FJ de Kermadec is an author, stylist and entrepreneur in Paris, France.
